Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/0ee012-ba7b-4606-9d7c-c4ace4f834b5/1/Fe7uHk9u40_jNRGrC3nW6harDMg.roa
File:                     Fe7uHk9u40_jNRGrC3nW6harDMg.roa (raw, json)
Hash identifier:          Es8wQl9RsGP2RKff96HG+AixU62lDbkaw0m12lyaH28=
Subject key identifier:   15:EE:EE:1E:4F:6E:E3:4F:E3:35:11:AB:0B:79:D6:EA:16:AB:0C:C8
Certificate issuer:       /CN=a24e523f304e22eae8cff880d8388493c5a01178
Certificate serial:       018CC56E96C86CCCBF0F9E6F9ABDAF9C3AA6
Authority key identifier: A2:4E:52:3F:30:4E:22:EA:E8:CF:F8:80:D8:38:84:93:C5:A0:11:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ok5SPzBOIuroz_iA2DiEk8WgEXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/0ee012-ba7b-4606-9d7c-c4ace4f834b5/1/Fe7uHk9u40_jNRGrC3nW6harDMg.roa
Signing time:             Mon 01 Jan 2024 14:30:08 +0000
ROA not before:           Mon 01 Jan 2024 14:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48662
IP address blocks:        45.89.0.0/22 maxlen: 24
                          2a0a:4a00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/0ee012-ba7b-4606-9d7c-c4ace4f834b5/1/ok5SPzBOIuroz_iA2DiEk8WgEXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/0ee012-ba7b-4606-9d7c-c4ace4f834b5/1/ok5SPzBOIuroz_iA2DiEk8WgEXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ok5SPzBOIuroz_iA2DiEk8WgEXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:96:c8:6c:cc:bf:0f:9e:6f:9a:bd:af:9c:3a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a24e523f304e22eae8cff880d8388493c5a01178
        Validity
            Not Before: Jan  1 14:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15eeee1e4f6ee34fe33511ab0b79d6ea16ab0cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ec:a2:f9:0d:c9:7d:71:37:f2:e9:3e:64:41:
                    3b:21:4e:27:e4:19:b8:cd:1d:26:f4:14:49:8e:f9:
                    30:be:b1:d4:67:52:9f:b5:56:e8:b6:f3:38:7d:4c:
                    ef:95:70:02:c0:fc:7c:3f:b7:64:df:94:a5:5f:65:
                    8b:fc:6d:c1:5b:b4:d2:a2:d5:e4:e0:e6:fa:26:ea:
                    cc:3d:ec:e2:0b:0f:3e:64:19:70:d8:0f:90:49:9e:
                    dd:af:5a:f9:6f:67:55:22:e3:86:a3:d2:88:4e:ae:
                    cf:19:14:28:ab:dc:97:f1:61:90:ab:d8:83:70:5f:
                    a9:ca:d7:c0:db:e0:6f:55:07:38:d8:e6:ca:ca:06:
                    2d:4c:c0:55:df:72:09:ad:b3:88:28:e1:ff:0a:29:
                    a5:1a:e7:5e:9c:44:f2:31:61:27:49:7e:64:a0:7c:
                    9a:6f:35:d2:cc:d3:5a:0f:c3:2e:b1:b0:cb:1c:f2:
                    3c:81:da:ca:3b:b1:d6:76:a1:98:fe:60:46:b7:9a:
                    b2:c1:b8:fe:e8:ab:db:b8:bb:f9:ea:fc:47:01:f7:
                    97:24:02:8d:e6:0a:d8:40:d1:e6:4d:98:fd:df:15:
                    c2:90:08:65:6c:80:73:51:ac:8c:29:28:5b:bf:df:
                    ee:b5:c0:67:8d:3b:73:2a:82:54:29:c8:f4:20:59:
                    d7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:EE:EE:1E:4F:6E:E3:4F:E3:35:11:AB:0B:79:D6:EA:16:AB:0C:C8
            X509v3 Authority Key Identifier:
                keyid:A2:4E:52:3F:30:4E:22:EA:E8:CF:F8:80:D8:38:84:93:C5:A0:11:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ok5SPzBOIuroz_iA2DiEk8WgEXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/0ee012-ba7b-4606-9d7c-c4ace4f834b5/1/Fe7uHk9u40_jNRGrC3nW6harDMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/0ee012-ba7b-4606-9d7c-c4ace4f834b5/1/ok5SPzBOIuroz_iA2DiEk8WgEXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.0.0/22
                IPv6:
                  2a0a:4a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:9d:99:5f:d2:3d:d3:69:8e:b7:cc:9b:69:25:6e:8b:05:45:
         83:54:a8:5f:71:55:62:5a:df:5b:cb:56:ce:10:20:6e:50:05:
         8b:da:97:36:8b:3e:f0:fc:3c:5f:9d:24:67:bd:a4:92:cc:61:
         95:af:fb:9f:5b:ac:9d:9e:00:6a:64:04:c8:c9:2b:1f:40:58:
         9d:70:6c:c1:ce:d0:d1:79:58:2b:d5:ca:af:de:f4:d2:9f:90:
         4e:50:9b:a3:f5:8c:dc:38:cb:ad:8e:c7:d2:41:ac:c1:6d:97:
         08:51:5b:73:ed:8a:4f:19:b8:3b:15:f5:ad:e5:be:a5:02:cc:
         f7:2d:d3:13:28:e6:28:51:f5:b1:e2:83:7e:a3:8e:29:ef:a0:
         27:6a:f9:7b:03:dd:0b:31:07:15:47:da:e8:2c:de:8f:b8:76:
         29:f1:61:c6:cb:80:ab:b0:96:ea:41:b3:54:0b:f7:26:2f:cc:
         3d:14:c3:fc:c7:9a:8e:69:bf:a4:17:3c:c0:55:4d:25:df:7f:
         ad:55:92:73:60:f0:6c:53:4e:5e:ea:19:62:a6:11:a0:8b:76:
         31:b6:e8:40:b6:ff:6f:51:07:c5:fc:0c:97:29:51:15:d8:04:
         b5:1a:6e:41:0d:ce:ac:8c:eb:2a:04:b9:c3:ec:5e:df:d0:dd:
         3d:e1:8e:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbpbIbMy/D55vmr2vnDqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNGU1MjNmMzA0ZTIyZWFlOGNmZjg4MGQ4Mzg4NDkzYzVh
MDExNzgwHhcNMjQwMTAxMTQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWVlZWUxZTRmNmVlMzRmZTMzNTExYWIwYjc5ZDZlYTE2YWIwY2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+yi+Q3JfXE38uk+ZEE7IU4n5Bm4
zR0m9BRJjvkwvrHUZ1KftVbotvM4fUzvlXACwPx8P7dk35SlX2WL/G3BW7TSotXk
4Ob6JurMPeziCw8+ZBlw2A+QSZ7dr1r5b2dVIuOGo9KITq7PGRQoq9yX8WGQq9iD
cF+pytfA2+BvVQc42ObKygYtTMBV33IJrbOIKOH/CimlGudenETyMWEnSX5koHya
bzXSzNNaD8MusbDLHPI8gdrKO7HWdqGY/mBGt5qywbj+6KvbuLv56vxHAfeXJAKN
5grYQNHmTZj93xXCkAhlbIBzUayMKShbv9/utcBnjTtzKoJUKcj0IFnXrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBXu7h5PbuNP4zURqwt51uoWqwzIMB8GA1UdIwQY
MBaAFKJOUj8wTiLq6M/4gNg4hJPFoBF4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2s1U1B6Qk9JdXJvel9pQTJEaUVrOFdnRVhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8wZWUwMTItYmE3Yi00NjA2LTlkN2Mt
YzRhY2U0ZjgzNGI1LzEvRmU3dUhrOXU0MF9qTlJHckMzblc2aGFyRE1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8wZWUwMTItYmE3Yi00NjA2LTlkN2MtYzRhY2U0ZjgzNGI1
LzEvb2s1U1B6Qk9JdXJvel9pQTJEaUVrOFdnRVhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVkAMA0E
AgACMAcDBQMqCkoAMA0GCSqGSIb3DQEBCwUAA4IBAQCdnZlf0j3TaY63zJtpJW6L
BUWDVKhfcVViWt9by1bOECBuUAWL2pc2iz7w/DxfnSRnvaSSzGGVr/ufW6ydngBq
ZATIySsfQFidcGzBztDReVgr1cqv3vTSn5BOUJuj9YzcOMutjsfSQazBbZcIUVtz
7YpPGbg7FfWt5b6lAsz3LdMTKOYoUfWx4oN+o44p76Anavl7A90LMQcVR9roLN6P
uHYp8WHGy4CrsJbqQbNUC/cmL8w9FMP8x5qOab+kFzzAVU0l33+tVZJzYPBsU05e
6hliphGgi3YxtuhAtv9vUQfF/AyXKVEV2AS1Gm5BDc6sjOsqBLnD7F7f0N094Y6L
-----END CERTIFICATE-----